CVE-2024-48531

Name of the Vulnerable Software and Affected Versions eSoft Planner version 3.24.08271-USA

Description A reflected cross-site scripting (XSS) issue in the Rental Availability module allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. This enables the execution of malicious scripts, potentially leading to unauthorized actions or data exposure.

Recommendations For eSoft Planner version 3.24.08271-USA, consider disabling the Rental Availability module until a patch is available to prevent exploitation of the reflected XSS vulnerability. Restrict access to this module to minimize the risk of arbitrary code execution in the context of a user's browser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.